End to end encryption doesn't seem to encrypt files

The quick and dirty:
When I set up end to end encryption, and enable it on the laptop that has the files to back up, I am still able to access the files and see content from a terminal on the server where Nextcloud server is running.
Does end to end encryption mean the data is only encrypted during transmission, and once received it is decrypted and stored without encryption? Or should the files also be encrypted on the server?

Additional information that may help provide a correct and useful answer:
So, before I start posting logs and stuff, I want to be sure this isn’t me misunderstanding what should be happening.
So I have created a test account, and used a test laptop running Windows to download the desktop app to. I created some test files, and connected to the server. It uploaded all those test files just fine. The client told me that this server supports end to end encryption. So I enabled it, copied down the passphrase, and created some new files, expecting that if the old files didn’t get encrypted, at least the new ones would. These new files got uploaded, and were not encrypted on the server. I could still read the text files with nano.

What I want the end result to be:
So, basically what I am hoping for is for the files to be stored on the server unencrypted, that is NOT encrypted UNLESS the desktop app enables encryption, at which point the files on the server WILL be encrypted, giving each user the option if they want to have their files encrypted so they are secure, or have them unencrypted, so if they lose their password I am able to recover them.

So I enabled it, copied down the passphrase, and created some new files, expecting that if the old files didn’t get encrypted, at least the new ones would. These new files got uploaded, and were not encrypted on the server. I could still read the text files with nano.

E2EE, once enabled, only encrypts folders you (well, the end-user; not “you” the admin) specifically designate. It leaves all other files/folders alone (unencrypted). I think you’ll find this[1] recently updated documentation for it helpful. Hope that helps!

[1] end_to_end_encryption/README.md at master · nextcloud/end_to_end_encryption · GitHub
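
A server-side check for the question raised above, as an added example that is not from the thread or from Nextcloud: it labels each file under a directory by whether its stored content is legible text or high-entropy data. The thresholds and the directory passed on the command line are assumptions.

```python
import math
import os
import sys
from collections import Counter

SAMPLE_BYTES = 64 * 1024   # read at most this much of each file
MIN_BYTES = 1024           # entropy is not meaningful on less data
ENTROPY_THRESHOLD = 7.5    # bits per byte; heuristic cut-off (assumption)


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte, from 0.0 to 8.0."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())


def classify(data: bytes) -> str:
    """Label a content sample: empty, readable, too-small, high-entropy, structured."""
    if not data:
        return "empty"
    printable = sum(1 for b in data if 32 <= b < 127 or b in (9, 10, 13))
    if printable / len(data) > 0.95:
        return "readable"        # what nano would show as legible text
    if len(data) < MIN_BYTES:
        return "too-small"
    if shannon_entropy(data) >= ENTROPY_THRESHOLD:
        return "high-entropy"    # encrypted OR compressed (zip, jpeg, ...)
    return "structured"          # binary with visible structure


def scan(root: str) -> dict:
    """Walk root and map each relative file path to its label."""
    results = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    label = classify(fh.read(SAMPLE_BYTES))
            except OSError:
                label = "unreadable"
            results[os.path.relpath(path, root)] = label
    return results


if __name__ == "__main__":
    for rel, label in sorted(scan(sys.argv[1]).items()):
        print(f"{label:12} {rel}")
```

A "readable" label inside a folder the user designated for E2EE means the stored bytes are printable text and worth opening by hand; "high-entropy" alone does not prove encryption, since compressed formats score the same.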

Okay, it seems as though I have encountered either a bug, or a user error… Well, 2 perhaps, but let’s do one at a time. Let me share this screenshot with you.


So, the big green checkmark should indicate everything is synced correctly… Shouldn’t it? But then I get an error saying it isn’t synced correctly.
WTF?

Well after waiting a bit, it managed to let me set the encryption. But then the server seems to be confused. Here is a screenshot:


Uh… DUH? That’s because I just created the file… I need you the server to create it. That’s why it doesn’t exist.

The server has this to say:
{"reqId":"QlYha2gc8HyNGPbheiOx","level":3,"time":"2024-02-14T20:40:27+00:00","remoteAddr":"192.168.1.162","user":"test1","app":"no app in context","method":"POST","url":"/remote.php/dav/bulk","message":"Unexpected EOF while reading stream.","userAgent":"Mozilla/5.0 (Windows) mirall/3.12.0stable-Win64 (build 20240213) (Nextcloud, windows-10.0.22621 ClientArchitecture: x86_64 OsArchitecture: x86_64)","version":"27.0.0.8","data":,"id":"65cd2c31ebe71"}

Can you update to a supported version of Nextcloud Server? I’d suggest v27.1.5 as the closest to / most reliable of what you’re currently using. (v27.1.6 would be fine too probably, at least for E2EE purposes).

You’re running a wildly unpatched release lacking any bug (and security) fixes.

Okay, just to make things easier, I destroyed and recreated the docker containers, this time with the :stable flag (Latest was giving me that version I was using)
Now:
Nextcloud Hub 6 (27.1.6)

Okay. I am getting the same error on the client. On the server I am receiving no errors at the time of sync, but do have some errors from before that that seem related. This is a big one:

p.s. Perhaps there is a better stack I can use to create/run this container pair? I am not against a different VIDEO tutorial than the one I used. But anything that requires more than just a basic stack I can modify will require video due to my disabilities. I use and must use Docker and Portainer.

[no app in context] Error: OCP\Lock\LockedException: “/files_external” is locked at <>

  1. /var/www/html/lib/private/Files/View.php line 1150
    OC\Files\View->changeLock(“/files_external”, 2)
  2. /var/www/html/lib/private/Files/View.php line 244
    OC\Files\View->basicOperation(“mkdir”, “/files_external”, [“create”,“write”])
  3. /var/www/html/lib/private/Security/CertificateManager.php line 132
    OC\Files\View->mkdir(“/files_external/”)
  4. /var/www/html/lib/private/Security/CertificateManager.php line 247
    OC\Security\CertificateManager->createCertificateBundle(“*** sensitive parameters replaced ***”)
  5. /var/www/html/lib/private/Http/Client/Client.php line 133
    OC\Security\CertificateManager->getAbsoluteBundlePath()
  6. /var/www/html/lib/private/Http/Client/Client.php line 80
    OC\Http\Client\Client->getCertBundle()
  7. /var/www/html/lib/private/Http/Client/Client.php line 230
    OC\Http\Client\Client->buildRequestOptions([60])
  8. /var/www/html/lib/private/App/AppStore/Fetcher/Fetcher.php line 123
    OC\Http\Client\Client->get(“https://apps.ne … n”, [60])
  9. /var/www/html/lib/private/App/AppStore/Fetcher/AppFetcher.php line 86
    OC\App\AppStore\Fetcher\Fetcher->fetch(“”, “”)
  10. /var/www/html/lib/private/App/AppStore/Fetcher/Fetcher.php line 193
    OC\App\AppStore\Fetcher\AppFetcher->fetch(“”, “”, false)
  11. /var/www/html/lib/private/App/AppStore/Fetcher/AppFetcher.php line 187
    OC\App\AppStore\Fetcher\Fetcher->get(false)
  12. /var/www/html/lib/private/Installer.php line 422
    OC\App\AppStore\Fetcher\AppFetcher->get(false)
  13. /var/www/html/apps/updatenotification/lib/Notification/BackgroundJob.php line 252
    OC\Installer->isUpdateAvailable(“activity”)
  14. /var/www/html/apps/updatenotification/lib/Notification/BackgroundJob.php line 150
    OCA\UpdateNotification\Notification\BackgroundJob->isUpdateAvailable(“activity”)
  15. /var/www/html/apps/updatenotification/lib/Notification/BackgroundJob.php line 76
    OCA\UpdateNotification\Notification\BackgroundJob->checkAppUpdates()
  16. /var/www/html/lib/public/BackgroundJob/Job.php line 81
    OCA\UpdateNotification\Notification\BackgroundJob->run(null)
  17. /var/www/html/lib/public/BackgroundJob/TimedJob.php line 103
    OCP\BackgroundJob\Job->start([“OC\BackgroundJob\JobList”])
  18. /var/www/html/lib/public/BackgroundJob/TimedJob.php line 93
    OCP\BackgroundJob\TimedJob->start([“OC\BackgroundJob\JobList”])
  19. /var/www/html/cron.php line 177
    OCP\BackgroundJob\TimedJob->execute([“OC\BackgroundJob\JobList”], [“OC\Log”])

Caused by:

InvalidArgumentException: $absolutePath must be relative to “files” at <>

  1. /var/www/html/lib/private/Files/View.php line 1985
    OC\Files\View->getPathRelativeToFiles(“/files_external”)
  2. /var/www/html/lib/private/Files/View.php line 1150
    OC\Files\View->changeLock(“/files_external”, 2)
  3. /var/www/html/lib/private/Files/View.php line 244
    OC\Files\View->basicOperation(“mkdir”, “/files_external”, [“create”,“write”])
  4. /var/www/html/lib/private/Security/CertificateManager.php line 132
    OC\Files\View->mkdir(“/files_external/”)
  5. /var/www/html/lib/private/Security/CertificateManager.php line 247
    OC\Security\CertificateManager->createCertificateBundle(“*** sensitive parameters replaced ***”)
  6. /var/www/html/lib/private/Http/Client/Client.php line 133
    OC\Security\CertificateManager->getAbsoluteBundlePath()
  7. /var/www/html/lib/private/Http/Client/Client.php line 80
    OC\Http\Client\Client->getCertBundle()
  8. /var/www/html/lib/private/Http/Client/Client.php line 230
    OC\Http\Client\Client->buildRequestOptions([60])
  9. /var/www/html/lib/private/App/AppStore/Fetcher/Fetcher.php line 123
    OC\Http\Client\Client->get(“https://apps.ne … n”, [60])
  10. /var/www/html/lib/private/App/AppStore/Fetcher/AppFetcher.php line 86
    OC\App\AppStore\Fetcher\Fetcher->fetch(“”, “”)
  11. /var/www/html/lib/private/App/AppStore/Fetcher/Fetcher.php line 193
    OC\App\AppStore\Fetcher\AppFetcher->fetch(“”, “”, false)
  12. /var/www/html/lib/private/App/AppStore/Fetcher/AppFetcher.php line 187
    OC\App\AppStore\Fetcher\Fetcher->get(false)
  13. /var/www/html/lib/private/Installer.php line 422
    OC\App\AppStore\Fetcher\AppFetcher->get(false)
  14. /var/www/html/apps/updatenotification/lib/Notification/BackgroundJob.php line 252
    OC\Installer->isUpdateAvailable(“activity”)
  15. /var/www/html/apps/updatenotification/lib/Notification/BackgroundJob.php line 150
    OCA\UpdateNotification\Notification\BackgroundJob->isUpdateAvailable(“activity”)
  16. /var/www/html/apps/updatenotification/lib/Notification/BackgroundJob.php line 76
    OCA\UpdateNotification\Notification\BackgroundJob->checkAppUpdates()
  17. /var/www/html/lib/public/BackgroundJob/Job.php line 81
    OCA\UpdateNotification\Notification\BackgroundJob->run(null)
  18. /var/www/html/lib/public/BackgroundJob/TimedJob.php line 103
    OCP\BackgroundJob\Job->start([“OC\BackgroundJob\JobList”])
  19. /var/www/html/lib/public/BackgroundJob/TimedJob.php line 93
    OCP\BackgroundJob\TimedJob->start([“OC\BackgroundJob\JobList”])
  20. /var/www/html/cron.php line 177
    OCP\BackgroundJob\TimedJob->execute([“OC\BackgroundJob\JobList”], [“OC\Log”])

GET /cron.php
from 192.168.1.151 at 2024-02-15T16:51:25+00:00

Okay, just to make things easier, I destroyed and recreated the docker containers, this time with the :stable flag (Latest was giving me that version I was using)

This will happen if you’ve previously pulled that image (e.g. 6+ months ago). Docker just uses the image from your local cache until you tell it to pull an image again to get a newer one.

I can’t say how to check in Portainer offhand, but the native Docker command will show you the age of that image:tag combo:

docker image ls nextcloud:latest

InvalidArgumentException: $absolutePath must be relative to “files” at <>

Looks like something unexpected with an External Storage mount. Are all your External Storage mounts working?

Yes, the filesystem is fine. I have SSHed into the client and am able to view/work in those directories (That’s why I knew the files before were not being encrypted on the server, and I tested again.)
Okay, so I decided to set up again from scratch, because why not? Gave it a new folder to work with, set it with permission 777, and then right after setup I got this error. I will try ignoring it, and doing things one step at a time to see if other errors pop up, or other things occur.

[index] Error: RuntimeException: Could not get appdata folder for preview at <>

  1. /var/www/html/lib/private/Files/AppData/AppData.php line 147
    OC\Files\AppData\AppData->getAppDataFolder()
  2. /var/www/html/lib/private/Preview/Storage/Root.php line 74
    OC\Files\AppData\AppData->newFolder(“d/8/2/c/8/d/1/53”)
  3. /var/www/html/lib/private/Preview/Generator.php line 613
    OC\Preview\Storage\Root->newFolder(“53”)
  4. /var/www/html/lib/private/Preview/Generator.php line 139
    OC\Preview\Generator->getPreviewFolder([“OC\Files\Node\File”])
  5. /var/www/html/lib/private/Preview/Generator.php line 116
    OC\Preview\Generator->generatePreviews([“OC\Files\Node\File”], [[250,250,true,“fill”]], “text/markdown”)
  6. /var/www/html/lib/private/PreviewManager.php line 192
    OC\Preview\Generator->getPreview([“OC\Files\Node\File”], 250, 250, true, “fill”, null)
  7. /var/www/html/core/Controller/PreviewController.php line 144
    OC\PreviewManager->getPreview([“OC\Files\Node\File”], 250, 250, true, “fill”)
  8. /var/www/html/core/Controller/PreviewController.php line 113
    OC\Core\Controller\PreviewController->fetchPreview([“OC\Files\Node\File”], 250, 250, false, true, “fill”)
  9. /var/www/html/lib/private/AppFramework/Http/Dispatcher.php line 230
    OC\Core\Controller\PreviewController->getPreviewByFileId(53, 250, 250, false, true, “fill”)
  10. /var/www/html/lib/private/AppFramework/Http/Dispatcher.php line 137
    OC\AppFramework\Http\Dispatcher->executeController(["OC\Core\Cont … "], “getPreviewByFileId”)
  11. /var/www/html/lib/private/AppFramework/App.php line 183
    OC\AppFramework\Http\Dispatcher->dispatch(["OC\Core\Cont … "], “getPreviewByFileId”)
  12. /var/www/html/lib/private/Route/Router.php line 315
    OC\AppFramework\App::main(“OC\Core\Controller\PreviewController”, “getPreviewByFileId”, ["OC\AppFramewo … "], [“core.Preview.getPreviewByFileId”])
  13. /var/www/html/lib/base.php line 1068
    OC\Route\Router->match(“/core/preview”)
  14. /var/www/html/index.php line 38
    OC::handleRequest()

GET /core/preview?fileId=53&x=250&y=250
from 192.168.1.151 by admin at 2024-02-15T18:12:07+00:00

So, after ignoring it, I got another message, a warning this time about not being able to connect to the app store. And again, everything syncs EXCEPT the encrypted folder. Nothing in the logs to help, and vague message on the client.
Since everything else syncs fine, unless there is something I am not thinking about, I would guess that in itself proves the external filesystem is fine.
Forgive the question… Is there a dumbed down, simple version of this that “Just works?” I am not trying to be rude, I am just trying to find a simple solution. I don’t need about 90% of what comes with this. I need backup, that is automated, and either is or is not encrypted at the client’s discretion. To be honest, getting this working may be for nothing, as I need to be able to add a folder encrypted. The client seems to refuse to encrypt a folder unless it is empty, I need to be able to add it and have it encrypted off the bat. So I guess I should ask if that is even possible.
Sorry if I am getting a bit ranty, I am just getting very frustrated. I have been putting this off for over a year because of the mass frustration of getting this working how I need.

Can you share your actual Compose file as well as the output of occ config:list system from inside your container?

The way this thread started it did not appear it was going to go this deep so I did not request it, but typically we’d ask for all that before even responding.

These errors do not simply come up in a clean install so something else is going on here.

What installation guide did you follow?

An app store connection error indicates your app container either lacks outbound connectivity or DNS resolution.

And you’ve talked about recreating things several times, but I’m unclear whether you’re also destroying volumes in between as well as your database container state, etc.